/django/contrib/sessions/middleware.py

 1import time
 2
 3from django.conf import settings
 4from django.utils.cache import patch_vary_headers
 5from django.utils.http import cookie_date
 6from django.utils.importlib import import_module
 7
 8class SessionMiddleware(object):
 9    def process_request(self, request):
10        engine = import_module(settings.SESSION_ENGINE)
11        session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
12        request.session = engine.SessionStore(session_key)
13
14    def process_response(self, request, response):
15        """
16        If request.session was modified, or if the configuration is to save the
17        session every time, save the changes and set a session cookie.
18        """
19        try:
20            accessed = request.session.accessed
21            modified = request.session.modified
22        except AttributeError:
23            pass
24        else:
25            if accessed:
26                patch_vary_headers(response, ('Cookie',))
27            if modified or settings.SESSION_SAVE_EVERY_REQUEST:
28                if request.session.get_expire_at_browser_close():
29                    max_age = None
30                    expires = None
31                else:
32                    max_age = request.session.get_expiry_age()
33                    expires_time = time.time() + max_age
34                    expires = cookie_date(expires_time)
35                # Save the session data and refresh the client cookie.
36                request.session.save()
37                response.set_cookie(settings.SESSION_COOKIE_NAME,
38                        request.session.session_key, max_age=max_age,
39                        expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
40                        path=settings.SESSION_COOKIE_PATH,
41                        secure=settings.SESSION_COOKIE_SECURE or None,
42                        httponly=settings.SESSION_COOKIE_HTTPONLY or None)
43        return response